[CentOS] Syslog

Tue Jun 27 20:56:52 UTC 2006
William L. Maltby <BillsCentOS at triad.rr.com>

On Tue, 2006-06-27 at 16:28 -0400, Sam Drinkard wrote:
> 
> William L. Maltby wrote:
> > On Tue, 2006-06-27 at 16:08 -0400, Sam Drinkard wrote:
> ><snip>

> No joy.  Q.  I see a process called "klogd" is running a different pid 
> from syslogd.  I don't ever recall seeing something as klogd before??  I 
> got a sneaking suspicion I stopped something, but if I only knew what 
> besides syslogd was required.  Portmap does not apparently need to be 
> running, as nothing still has been written to the log file, and a reboot 
> did not help.  Rats.....

OK. You have entered the zone where you will *quickly* look at things
and jump to conclusions, like seeing a "reasonable" date on
the /etc/syslog.conf file and saying "It hasn't changed". But something
could change it and "touch" the date. Or an untar or cpio extract
carries the date of the original file... you see where I'm going.

So this is the time to start at square one. I think it is Rodrigo's
suggestion. And one that is easy is to actually look at the logfile
contents and date. Here's mine for comparison, but yours could have
minor variations I guess.

[root at wlmlfs08 InstallUpdate]# ls -l /etc/sysl*
-rw-r--r--  1 root root 938 Oct  4  2005 /etc/syslog.conf

I've attached the contents so uninterested parties don't have to be
bored with the details.

> <snip sig stuff>

Any boot-time params changed (grub.conf) that might have unexpected
effects? Any system configuration changes (chkconfig...)

chkconfig --list

any help?

I'm out of ideas now.
-- 
Bill
-------------- next part --------------
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*							/dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none;cron.none		/var/log/messages

# The authpriv file has restricted access.
authpriv.*						/var/log/secure

# Log all the mail messages in one place.
mail.*							-/var/log/maillog


# Log cron stuff
cron.*							/var/log/cron

# Everybody gets emergency messages
*.emerg							*

# Save news errors of level crit and higher in a special file.
uucp,news.crit						/var/log/spooler

# Save boot messages also to boot.log
local7.*						/var/log/boot.log

#
# INN
#
news.=crit                                        /var/log/news/news.crit
news.=err                                         /var/log/news/news.err
news.notice                                       /var/log/news/news.notice
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos/attachments/20060627/9d1333d8/attachment-0005.sig>